Chargeback fraud

From Wikipedia, the free encyclopedia

Chargeback fraud, also known as friendly fraud, cyber shoplifting[1], or liar-buyer fraud,[2] occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent.[3] Dependent on the payment method used, the merchant can be accountable when a chargeback occurs.[4][better source needed]

History[edit]

Friendly fraud has been widespread on the Internet, affecting both the sale of physical products and digital transactions. To combat digital transaction fraud, prepaid cards have been offered as an effective alternative to ensure customer payment.[5]

MasterCard was sued in 2003 by an Internet vendor for having credit card policies and fees that have made Internet vendors especially vulnerable targets of friendly fraud. Internet vendors typically have to pay much of the losses when a fraudulent transaction like friendly fraud occurs.[6]

In recent years, a new variant of friendly fraud, involving bank transfers as opposed to credit card payments, has been documented in Europe. SEPA credit transfers can be recalled within ten working days of settlement by the payer's bank.[7] While merchants may be under the (outdated) impression that bank transfers are permanent, this is no longer the case as the SEPA rules replaced domestic bank transfer schemes throughout Europe. Adding to the issue is that some receiving banks have handled SEPA SCT Recall requests without due care and are reverting payments without consulting the payee. This has allowed some payers to fraudulently recall bank transfers after having received goods or services from the payee.[8]

Overview[edit]

Physical products[edit]

Online merchants who sell physical products cannot fully protect themselves. The only way to have concrete protection is to take an imprint of the card (and even with card readers/makers this can easily be duped), along with photo ID. That signature, in addition to information gathered online, can help in the resolution of chargeback disputes but contractually is no guarantee. Also, the merchant can request the card security code on the credit card to fight "Card absent environment" or "Card Not Present" (CNP) chargebacks. These are the three digit codes on the backs of Visa, MasterCard, and Discover cards, and the four digit code on the front of American Express cards.

Digital transactions[edit]

Friendly fraud thrives in the digital products market where it is much easier for fraudsters to succeed. Common targets include pornography and gambling websites.[9] Attempts by the merchant to prove that the consumer received the purchased goods or services are difficult. Again, the use of card security codes[10] can show that the cardholder (or, in the case of the three-digit security codes written on the backs of U.S. credit cards, someone with physical possession of the card or at least knowledge of the number and the code) was present, but even the entry of a security code at purchase does not by itself prove that delivery was made, especially for online or via-telephone purchases where shipping occurs after finalization of the contract. Proof of delivery is often difficult, and when it cannot be provided, the cardholder gets the product without paying for it.

One method of combating friendly fraud is to create a feature in the product that checks in with the merchant's database. If a chargeback is issued, the merchant can tell the product to suspend service. This tactic will also work for digital subscription services or any other online product that requires updates or logins. The merchant will usually still be charged a fee for incurring a chargeback, so this is not a complete solution.

Call center transactions[edit]

Another common channel for chargebacks is mail order/telephone order (MOTO) payment processing through a call center. In this case, as with the two others listed here, the main problem is that this is a card not present transaction. To help eliminate call center purchase chargebacks, call centers are working to make the purchases more like card present purchases.

When consumers walk into a store and buy something, they typically swipe their credit cards, confirm the purchase amount, enter a secret code (or sign their name) and leave with the merchandise. This is a card present purchase and fraudulent chargebacks in these situations are almost non-existent.

Agent-assisted automation technology is available for call centers that allows customers to enter their credit card information, including the card security code directly into the customer relationship management software without the agent ever seeing or hearing it. The agent remains on the phone, so there is no transfer to an interactive voice response system. All the agent can hear is monotones. This is the "card present" equivalent of "swiping" the card.

Before the purchase is submitted by the agent, the purchase amount is played back to the consumer along with the last four digits of the card. The consumer is asked to confirm their purchase by providing a verbal signature, which is recorded.

Finally, an email is sent to the consumer with the purchase information and an attached audio file of their verbal signature.

Cost to merchants[edit]

Regardless of the outcome of the chargeback, merchants generally pay a chargeback fee which typically ranges anywhere from $20 to $100.[11] A 2016 study by LexisNexis stated that chargeback fraud costs merchants $2.40 for every $1 lost. This is because of product-loss, banking fines, penalties and administrative costs.[12] A 2018 study by the Aite Group on charge back costs, stated that U.S. CNP fraud losses for 2017 were $4 billion and estimated that by 2020 they would rise to $6.4 billion.[13]

Prevention methods[edit]

The international card payment schemes define rules where the liability shift to the issuing bank of the card becomes liable for the payment if the merchant applied the provided 3D Secure Authentication Method. For payments within the EEA the liability between the payment service provider of the payee and payment service provider of payment service user is regulated.[14][15]

The proliferation of online payment methods, including mobile apps, and the increasing sophistication of the fraudulent actors, including bots, have made the task of detecting and preventing charge back fraud, particularly online, more complex. According to a 2018 Gartner report on online fraud, retailers are increasingly turning to machine-learning based (or AI) fraud prevention system to make rapid, effective risk decisions.[16]

References[edit]

  1. ^ "Don't Let Cyber Shoplifters Get Away With Your Goods!". Chargebacks911. 2022-09-07. Retrieved 2023-12-09.
  2. ^ Markus Jakobsson; Hossein Siadati; Mayank Dhiman (February 7, 2015). "Liar Buyer Fraud, and How to Curb It" (PDF). Network and Distributed System Security Symposium.
  3. ^ Tahor, Ofir. "Council Post: Friendly Fraud Looms Large As New Pay Later Options Arrive". Forbes. Retrieved 2023-06-23.
  4. ^ Poole, Riley (January 5, 2008). "Understanding Friendly Fraud". Merchant Talk. Archived from the original on December 30, 2011. Retrieved June 22, 2022.
  5. ^ Sheffield, Brandon (September 7, 2007). "Nexon's Min Kim On The Power Of Microtransactions". Gamasutra.
  6. ^ Bayot, Ruben (May 13, 2003). "Company Sues MasterCard Over Fees for Online Sales". New York Times.
  7. ^ As an example, UK building society Nationwide notes under "Important Information" that "A payer can recall a SEPA Credit Transfer within 10 working days of it being paid into your account. If this happens we'll deduct the SEPA Credit Transfer from your account.", "All about SEPA Payments". Archived from the original on 2017-10-26. Retrieved 2017-10-25.
  8. ^ Yang, Maximilian (September 1, 2016). "Card Payments and Consumer Protection in Germany" (PDF). Anglo-German Law Journal. Archived from the original (PDF) on July 5, 2017. Retrieved October 25, 2017.
  9. ^ Ritchtell, Matt; John Schwartz (November 18, 2002). "Credit Cards Seek New Fees on Web's Demimonde". New York Times.
  10. ^ Lee, Jen Grondahl; Scott, Gini Graham (2017-03-17). Preventing Credit Card Fraud: A Complete Guide for Everyone from Merchants to Consumers. Rowman & Littlefield. ISBN 978-1-4422-6800-5.
  11. ^ "Disputing Chargebacks: 8 Questions Merchants Ask Most Often". Ethoca. November 26, 2020.
  12. ^ "2016 LexisNexis® True Cost of Fraud 7 SM Study" (PDF). LexisNexis. Retrieved 2016-05-01.
  13. ^ Conroy, Julie (November 15, 2018). "The Global Chargeback Landscape". aitegroup.com. Aite Group LLC.
  14. ^ Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance), vol. OJ L, 2015-12-23, retrieved 2021-04-01
  15. ^ "Regulatory Technical Standards on strong customer authentication and secure communication under PSD2". European Banking Authority. 2019-04-12. Retrieved 2021-04-01.
  16. ^ Care, Jonathan; Phillips, Tricia (January 31, 2018). "Market Guide for Online Fraud Detection". gartner.com. Gartner, LLC. Retrieved 3 January 2019.